Alternate user communication routing

ABSTRACT

A system and methods for alternate user communication routing are described. Unauthorized users are identified and alternate treatments are provided in order to deter unauthorized access and create opportunities for data collection. The use of a varied set of alternate treatments provides an enhanced view of unauthorized user behavior and an increased ability to track future unauthorized user actions by recording various user identity/communication characteristics specific to known unauthorized users. Alternate treatments may be provided randomly based on a set of alternate treatments previously provided to a specific user, or may be varied based on an identified group of unauthorized users presumed to be acting in concert.

CROSS-REFERENCE OF RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/995,830, filed Jun. 1, 2018, entitled “Alternate User CommunicationRouting,” the entirety of which is incorporated herein by reference.

FIELD

The present invention relates generally to deterring unauthorized users,and more particularly, to identifying unauthorized users and providingalternate treatments to deter the unauthorized users from accessinginformation.

BACKGROUND

Organizations institute systems and procedures for handling unauthorizedusers and/or unauthorized access requests. These systems and proceduresare tailored to identifying potential unauthorized users and/orunauthorized requests. However, improved systems and procedures areneeded for identifying potential unauthorized users and/or unauthorizedrequests and also to respond to the unauthorized users to deter (e.g.,prevent and/or reduce) future unauthorized requests.

SUMMARY

The following presents a simplified summary of one or more embodimentsof the present invention, in order to provide a basic understanding ofsuch embodiments. This summary is not an extensive overview of allcontemplated embodiments, and is intended to neither identify key orcritical elements of all embodiments nor delineate the scope of any orall embodiments. Its sole purpose is to present some concepts of one ormore embodiments of the present invention in a simplified form as aprelude to the more detailed description that is presented later.

Generally, systems, computer products, and methods are described hereinfor improved handling of unauthorized users and/or unauthorized accessrequests. It should be understood that the present invention is notlimited to use by a specific type of organization, company, agency,institution and the like. Rather, the described systems, computerproducts and methods for improved handling of unauthorized users and/orunauthorized access requests can be employed in any instance where it isbeneficial to identify, monitor, and deter such use and behavior. Thepresent invention is premised by the recognition that unauthorized usersmay often attempt to take advantage of an organization's securityprotocols and internal processes in efforts to bypass security systemsand policies. With that in mind, the present invention is aimed atpreventing unauthorized users from gaining access to systems orinformation by providing a variety of alternate treatments in order tothwart the unauthorized users' ability to detect patterns within anorganization or system's internal processes and security protocols. Forexample, the alternate treatment may be different than what treatmentwould be provided to an authorized user, or what treatment may betypically provided to an unauthorized user. In addition, the use ofalternate treatments increases the amount and variety of data collectedfor unauthorized users, providing an enhanced view of unauthorized userbehavior and an increased ability to track unauthorized user actions.

In some embodiments, alternate user communication routing consists ofreceiving a request for an action via a communication from a user via acommunication channel from one or more communication channels,determining authentication credentials for the user from thecommunication, determining that the user is an unauthorized user basedon the authentication credentials, providing an alternate treatment tothe unauthorized user, and capturing information from the unauthorizeduser based on the communication and the user's response to the alternatetreatment.

In some embodiments, the authentication credentials are user informationor device information received from the communication with the user.

In some embodiments, the alternate treatment comprises providing anextended period of hold time via one or more communication channels.

In some embodiments, the alternate treatment comprises providingalternative resource pool information.

In some embodiments, the alternate treatment comprises requestingadditional contact information from the unauthorized user in order tocontact the unauthorized user at a later time via a second communicationchannel.

In some embodiments, the invention is further configured to alert arepresentative communicating with the unauthorized user that theunauthorized user is unauthorized.

In some embodiments, the invention is further configured to preventalerting a representative communicating with the unauthorized user thatthe unauthorized user is unauthorized.

In some embodiments, the invention is further configured to identify oneor more previous alternate treatments provided to the unauthorized user,randomly select the alternate treatment based on the one or moreprevious alternate treatments, and record the use of the alternatetreatment. In some embodiments, the alternate treatment randomlyselected is different than the one or more previous alternatetreatments.

In some embodiments, the alternate treatment comprises requesting afirst additional authentication credential, receiving a first responsewith the first additional authentication credential from theunauthorized user, denying access to the unauthorized user based on thefirst response, requesting one or more additional authenticationcredentials, receiving one or more additional responses with the one ormore additional authentication credentials from the unauthorized user,and based on the one or more additional responses, granting the actionrequested by unauthorized user with limitations.

In some embodiments, the alternate treatment comprises disabling one ormore particular features associated with an action request from theunauthorized user.

In some embodiments, the alternate treatment comprises providing arequest identifier, wherein the request identifier is a specific numberassociated with an unauthorized user.

In some embodiments, the alternate treatment comprises providing one ormore alternative authentication credentials to the unauthorized user,wherein the alternative authentication credentials are specific to theunauthorized user or a particular group of unauthorized users.

In some embodiments, the alternate treatment comprises creating theappearance of naturally occurring communication issues by extending thetime for which a response to the unauthorized user request isinstituted.

In some embodiments, the alternate treatment comprises providing atagged one-time authentication credential, wherein the tagged one-timeauthentication credential a specific string of characters or phrasesspecific to the unauthorized user.

To the accomplishment the foregoing and the related ends, the one ormore embodiments comprise the features hereinafter described andparticularly pointed out in the claims. The following description andthe annexed drawings set forth certain illustrative features of the oneor more embodiments. These features are indicative, however, of but afew of the various ways in which the principles of various embodimentsmay be employed, and this description is intended to include all suchembodiments and their equivalents.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described embodiments of the invention in general terms,reference will now be made to the accompanying drawings, and wherein:

FIG. 1 illustrates a block diagram of an unauthorized user determinationand treatment system environment, in accordance with one or moreembodiments of the invention.

FIG. 2 illustrates a high level process flow for determining anunauthorized user and providing an alternate treatment to theunauthorized user, in accordance with embodiments of the invention.

FIG. 3 illustrates a process flow for providing one or more of a set ofvarious possible alternate treatments to unauthorized users, inaccordance with embodiments of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

Embodiments of the invention will now be described more fullyhereinafter with reference to the accompanying drawings, in which some,but not all, embodiments of the invention are shown. Indeed, theinvention may be embodied in many different forms and should not beconstrued as limited to the embodiments set forth herein; rather, theseembodiments are provided so that this disclosure will satisfy applicablelegal requirements. In the following description, for purposes ofexplanation, numerous specific details are set forth in order to providea thorough understanding of one or more embodiments. It may be evident;however, that such embodiment(s) may be practiced without these specificdetails. Like numbers refer to like elements throughout.

Systems, methods, and computer program products are herein disclosed forimproved handling of unauthorized users and/or unauthorized accessrequests can be employed in any instance where it is beneficial toidentify, monitor, and deter such use and behavior. The presentinvention is premised by the recognition that unauthorized users mayoften attempt to take advantage of an organization's security protocolsand internal processes in efforts to bypass security systems andpolicies. With that in mind, the present invention is aimed atpreventing unauthorized users from gaining access to systems orinformation by providing a variety of alternate treatments in order tothwart the unauthorized users' ability to detect and take advantage ofpatterns within an organization or system's internal processes andsecurity protocols. For example, the alternate treatment may bedifferent than what treatment would be provided to an authorized user,or what treatment may be typically provided to an unauthorized user. Inaddition, the use of alternate treatments increases the amount andvariety of data collected for unauthorized users, providing an enhancedview of unauthorized user behavior and an increased ability to trackunauthorized user actions.

FIG. 1 illustrates an alternate treatment system environment 1, inaccordance with embodiments of the invention. As illustrated in FIG. 1,one or more organization systems 10 are operatively coupled, via anetwork 2, to one or more user computer systems 20 (e.g., authorizeduser systems and/or unauthorized user systems), one or more third-partysystems 30, and/or one or more other systems (not illustrated). In thisway, the organization systems 10 may receive communications, includingauthentication credentials, or the like, from a user 4 (e.g., one ormore associates, employees, agents, contractors, sub-contractors,third-party representatives, customers, or the like), which may be anauthorized user or an unauthorized user, and thereafter, utilize thesystems and processes described herein to identify unauthorized users,capture additional information for unauthorized users, and/or preventfuture actions by unauthorized users. As such, the one or moreorganization systems 10 may be utilized to identify unauthorized usersand take actions in order to capture unauthorized user information fromthe unauthorized users through communication with the user computersystems 20, the third party systems 30, and/or the other systems, aswill be discussed in further detail herein. As such, embodiments of thepresent invention allow for improved security through improvedidentification and monitoring of unauthorized users.

The network 2 illustrated in FIG. 1 may be a global area network (GAN),such as the Internet, a wide area network (WAN), a local area network(LAN), or any other type of network or combination of networks. Thenetwork 2 may provide for wireline, wireless, or a combination ofwireline and wireless communication between systems, services,components, and/or devices on the network 2.

As illustrated in FIG. 1, the one or more organization systems 10generally comprise one or more communication components 12, one or moreprocessor components 14, and one or more memory components 16. The oneor more processor components 14 are operatively coupled to the one ormore communication components 12 and the one or more memory components16. As used herein, the term “processor” generally includes circuitryused for implementing the communication and/or logic functions of aparticular system. For example, a processor component 14 may include adigital signal processor, a microprocessor, and variousanalog-to-digital converters, digital-to-analog converters, and othersupport circuits and/or combinations of the foregoing. Control andsignal processing functions of the system are allocated between theseprocessor components according to their respective capabilities. The oneor more processor components 14 may include functionality to operate oneor more software programs based on computer-readable instructions 18thereof, which may be stored in the one or more memory components 16.

The one or more processor components 14 use the one or morecommunication components 12 to communicate with the network 2 and othercomponents on the network 2, such as, but not limited to, the one ormore user computer systems 20, the one or more third-party systems 30,and/or one or more other systems. As such, the one or more communicationcomponents 12 generally comprise a wireless transceiver, modem, server,electrical connection, electrical circuit, or other component forcommunicating with other components on the network 2. The one or morecommunication components 12 may further include an interface thataccepts one or more network interface cards, ports for connection ofnetwork components, Universal Serial Bus (USB) connectors and the like.

As further illustrated in FIG. 1, the one or more organization systems10 comprise computer-readable instructions 18 stored in the one or morememory components 16, which in one embodiment includes thecomputer-readable instructions 18 of organization applications 17 (e.g.,web-based applications, dedicated applications, specializedapplications, or the like that are used to monitor, communicate with,and/or take actions with respect to the authorized users and/orunauthorized users). In some embodiments, the one or more memorycomponents 16 include one or more data stores 19 for storing datarelated to the one or more organization systems 10, including, but notlimited to, data created, accessed, and/or used by the one or moreorganization applications 17. The one or more organization applications17 may be applications that are specifically used for providing servicesto authorized users, for monitoring, communicating with, and/orcapturing information from unauthorized users, and/or the like (e.g., byinteracting with the user computer systems 20 and user applications 27,the third party systems 30 and third party applications 37, or othersystems).

As illustrated in FIG. 1, users 4 may try to access the organizationsystems 10 in order to access information from the organization systems(e.g., organization information, user information, resource poolinformation, or the like). In some embodiments the users 4 may beauthorized users, such as users that are supposed to have access to theorganization systems and/or associated applications, alternatively, theusers may be unauthorized users, such as users that are trying tomisappropriate information from authorized users, the organization,and/or third-parties, or the like. The users 4 may utilize the usercomputer systems 20 (e.g., authorized user computer systems orunauthorized user computer systems) to communicate with and/or accessinformation from the organization systems 10. As such, it should beunderstood that the one or more user computer systems 20 may be any typeof device, such as a desktop, mobile device (e.g., laptop, smartphonedevice, PDA, tablet, watch, wearable device, or other mobile device),server, or any other type of system hardware that generally comprisesone or more communication components 22, one or more processorcomponents 24, and one or more memory components 26, and/or the userapplications 27 used by any of the foregoing, such as web browsersapplications, dedicated applications, specialized applications, orportions thereof.

The one or more processor components 24 are operatively coupled to theone or more communication components 22, and the one or more memorycomponents 26. The one or more processor components 24 use the one ormore communication components 22 to communicate with the network 2 andother components on the network 2, such as, but not limited to, the oneor more organization systems 10, the one or more third-party systems 30,and/or the one or more other systems. As such, the one or morecommunication components 22 generally comprise a wireless transceiver,modem, server, electrical connection, or other component forcommunicating with other components on the network 2. The one or morecommunication components 22 may further include an interface thataccepts one or more network interface cards, ports for connection ofnetwork components, Universal Serial Bus (USB) connectors and the like.Moreover, the one or more communication components 22 may include akeypad, keyboard, touch-screen, touchpad, microphone, speaker, mouse,joystick, other pointer, button, soft key, and/or other input/output(s)for communicating with the users 4.

As illustrated in FIG. 1, the one or more user computer systems 20 mayhave computer-readable instructions 28 stored in the one or more memorycomponents 26, which in one embodiment includes the computer-readableinstructions 28 for user applications 27, such as dedicated applications(e.g., apps, applet, or the like), portions of dedicated applications, aweb browser or other applications that allow the one or more usercomputer systems 20 to operate, that allow users 4 to access and/or takevarious actions with respect to the one or more organizations systems 10through the use of the one or more user computer systems 20, or thelike.

As illustrated in FIG. 1, the one or more third-party systems 30 maycommunicate with the one or more organization systems 10 and/or the oneor more user computer systems 20 directly or indirectly. The one or morethird party systems 30, and/or third-party applications 37 thereof, mayprovide additional information to the one or more organization systems10. As such, the one or more third-party systems 30 are operativelycoupled, via a network 2, to the one or more organization systems 10,the one or more user computer systems 20, and/or the one or more othersystems. The one or more third-party systems 30 generally comprise oneor more communication components 32, one or more processor components34, and one or more memory components 36.

The one or more processor components 34 are operatively coupled to theone or more communication components 32, and the one or more memorycomponents 36. The one or more processor components 34 use the one ormore communication components 32 to communicate with the network 2 andother components on the network 2, such as, but not limited to, the oneor more organization systems 10, the one or more user computer systems20, and/or the one or more other systems. As such, the one or morecommunication components 32 generally comprise a wireless transceiver,modem, server, electrical connection, or other component forcommunicating with other components on the network 2. The one or morecommunication components 32 may further include an interface thataccepts one or more network interface cards, ports for connection ofnetwork components, Universal Serial Bus (USB) connectors and the like.

As illustrated in FIG. 1, the one or more third-party systems 30 mayhave computer-readable instructions 38 stored in the one or more memorycomponents 36, which in some embodiments includes the computer-readableinstructions 38 of one or more third party applications 37 that provideuser information (e.g., authorized user information and/or unauthorizeduser information) to the one or more organization systems 10. The accessto the one or more third-party systems 30, or applications thereof, maybe controlled by the one or more organization systems 10 and/or one ormore user computer systems 20, as will be described herein.

Moreover, as illustrated in FIG. 1, the one or more other systems (notillustrated) may be operatively coupled to the one or more organizationsystems 10, the one or more user computer systems 20, and/or the one ormore third-party systems 30, through the network 2. The other systemshave features that are the same as or similar to the features describedwith respect to the one or more organization systems 10, the one or moreuser computer systems 20, and/or the one or more third-party systems 30(e.g., one or more communication components, one or more processorcomponents, and one or more memory components with computer-readableinstructions of one or more applications, one or more datastores, or thelike). Thus, the one or more other systems communicate with the one ormore organization systems 10, the one or more user computer systems 20,the one or more third-party systems 30, and/or each other in same orsimilar way as previously described with respect to the one or moreorganization systems 10, the one or more user computer systems 20,and/or the one or more third-party systems 30.

FIG. 2 illustrates a high level process flow 100 for an alternatetreatment for routing for unauthorized users (e.g., identifyingpotential unauthorized users and/or providing alternate user treatmentroutings), in accordance with embodiments of the present invention.Block 110 of FIG. 2 illustrates that the one or more organizationsystems 10 receive a communication from a user. The communication mayinclude authentication credentials and/or a requested action from theuser. It should be understood that the one or more authenticationcredentials may be any type of authentication credential and/orcombination of authentication credentials. For example, in someembodiments, the one or more authentication credentials may include auser identification (e.g., user name, string of characters—numbers,alphabetic and/or symbols, e-mail address, phone number, or the like)and/or a password, computer system identification (e.g., mobile deviceidentifier, laptop device identifier, or the like), biometricidentification (e.g., fingerprint, eye scan, facial recognition, or thelike), security questions, or the like. Moreover, the requested actionmay be a request to access information from the organization (e.g.,confidential information of the organization, user information, and/orresource information, or the like). For example, the confidentialinformation of the organization may be customer information,organization operational information, organization resource information,or the like. In other examples, the user information may be personalinformation of a particular user, such as a customer, employee,representative, or the like (e.g., legal name, SSNs, addresses, phonenumbers, or the like), while the user resource information may includeresource pool information for the resource pools of the user (e.g.,resource pool numbers, resource pool balances, resource poolinteractions, such as transactions for products—goods and/or services,transfers, withdrawals, deposits, related resource pools and associatedresource pool information from within the organization or withthird-parties link together, or the like). It should be understood thatas discussed herein, when an authorized user and/or a unauthorized usertakes an action or initiates any form of communication, it may beperformed by the authorized user and/or unauthorized user, or it may beperformed by the authorized user computer system 20 and/or unauthorizeduser computer system 20, and/or other third-party system 30 for theauthorized user and/or the unauthorized user.

Block 120 of FIG. 2 illustrates that user information and/or usercomputer system information is captured from the user. This informationcan be used by the organization systems 10 to determine the identity ofthe user entering into the communication, making an action request,and/or taking the action and may be compared to data in the datastore 19in order to determine if the user 4 or user computer system 20 haspreviously communicated with and/or made an action request from theorganization systems 10. For example, the one or more organizationsystems 10 may utilize user information, computer system information, orthe like that is captured from the user 4 and/or user computer systems20 from the communication from the user 4 in order to determine theidentity of the user 4 entering into the communication. The identity ofthe user 4 entering into the communication may be associated with otherinformation stored by the organization systems 10, such as otherauthentication credentials, previous actions of the user, one-timecredentials previously presented to the user, resource pool information,user information, and the like. In addition, the organization systems 10may communicate the captured information to third party systems 30 forfurther data sharing and identification capabilities (e.g., sharecaptured information with third-parties in order to determine if theuser has been identified by another organization). In some embodiments,there may be a channel of communication established over network 2between one or more third-party systems 30 and/or organization systems10 to share information and enhance the ability of both systems toidentify the users and/or user computer systems 20 based on the capturedinformation.

FIG. 2 illustrates in block 130 that the one or more organizationsystems 10 may determine if the user is an unauthorized user bycomparing the user information and/or user computer system informationcaptured from the user 4 with stored information about unauthorizedusers. In some examples, the one or more organization systems 10 mayaccess information regarding unauthorized users (e.g., a databases ofunauthorized users and associated numbers, addresses, e-mail accounts,IP addresses, computer system identifications, Wifi identifiers, orother like information stored that may be related to identifiedunauthorized users). In other examples, patterns may be stored forunauthorized users that illustrate user actions over time that mayindicate that the user 4 in the present communication may potentially bean unauthorized user. For example, if the same system (e.g., based on IPaddress, phone number, or other system identifier) tries to accessmultiple accounts of different users within a time period (e.g., accessthree different user resource pools within 15 minutes, or the like) thesystem may be identified as an unauthorized user computer system. Itshould be understood, the determination of the whether or not the user 4and/or user computer system 20 is an authorized user and/or unauthorizeduser computer system may be based on the rules determined by eachorganization. For example, each organization may determine what userinformation, computer system information, and/or patterns of each user 4may identify the user 4 as potentially an unauthorized user.

In some embodiments, a user 4 may have an established history ofcommunicating over a particular channel (e.g., telephone, chat, e-mail,Internet phone, website, online portal, or the like) and/or with thirdparty systems 30 that may indicate a pattern of unauthorized activity,and the third party systems 30 may share this information over network 2with the organization systems 10. In some embodiments, the third partysystems 30 may be other organizations that are in the same business orindustry as the organization, and thus, may share information in orderto identify unauthorized users. In other embodiments, third partysystems 30 may represent a specialized organizations, such as aninvestigative agency that has identified unauthorized user activityassociated with specific user information, user computer information,and/or user behavior patterns. The data associated with specific userinformation, user computer information, and user behavior patterns mayexist solely with the organization systems 20 or third party systems 30,and/or may be exist with both parties. In some instances accessing userinformation from third parties may require the organization systems 10to initiate a request for third party verification or correlation ofcaptured user information over the network 2.

Block 140 of FIG. 2 illustrates that in response to determining that theuser 4 involved in the communication is, or is potentially, anunauthorized user, the one or more organization systems 10 may providean alternate treatment (e.g., randomized treatment, or the like) to theunauthorized user. For example, the alternate treatment may be differentthan what treatment would be provided to an authorized user, or whattreatment may be typically provided to an unauthorized user (e.g.,ending the communication with the unauthorized user). In someembodiments, the alternate treatment provided by the organizationsystems 10 may be randomized from a group of possible alternatetreatments 230. In this way, the unauthorized user is prevented frompreparing for or anticipating the alternate treatment. It should beunderstood that the alternate treatment may be based on thecommunication channel through which the unauthorized user is enteringinto the communication (e.g., call—Internet or telephone call, Internetchat, request made through a portal provided over the Internet, or thelike); the request the unauthorized user is making (e.g., request toaccess confidential information, request to change a password, requestto change contact information, request to enter into an interaction—froma specific resource pool, for a resource amount, to an associatedresource pool, or the like); the identity of the user (e.g., if theunauthorized user can be identified as a specific repeat unauthorizeduser to which alternate treatments have been previously provided); orthe like.

In some embodiments, the alternate treatment presented to anunauthorized user may be further based on a determination of what one ormore alternate treatments were previously presented to the unauthorizeduser. For example, if the last time the unauthorized user communicatedover a telephone call, the unauthorized user was placed on hold for anextended period of time (e.g., 2, 3, 4, 5, 10, or the like times thenormal wait time), the next time the unauthorized user is identified,the unauthorized user may be transferred to one or more differentrepresentatives (e.g., to extend the communication time of theunauthorized user), while the next time the unauthorized user isidentified, an indication may be provided to the unauthorized user thatparticular features related to the unauthorized user's action requestare not currently available. As such, the alternate treatments presentedto the unauthorized user may morph based on the action requests of theunauthorized user and the alternate treatments previously presented tothe unauthorized user.

It should be understood that in the situations where a representative ofthe organization is communicating with the unauthorized user, therepresentative may or may not know that the unauthorized user has beenidentified as unauthorized (e.g., potentially unauthorized or confirmedas unauthorized). In some instances it may be beneficial for therepresentative to be unaware that the unauthorized user is unauthorizedbecause the representative may be unfamiliar with handling unauthorizedusers. As such, in some embodiments, the one or more organizationsystems 10 may provide recommended alternate treatments (e.g.,escalation to a particular group of representatives that handlepotential misappropriation, extension of the communication, recommendedinquires to ask the unauthorized user, or the like) without indicatingto the representative the reason for the recommended alternatetreatment. In other embodiments, the representative may be aware thatthe unauthorized user has been identified as unauthorized. In someembodiments, if the representative is aware that the unauthorized useris unauthorized then the representative may be able to apply specificalternate treatments based on the communication with the unauthorizeduser. Various other alternate treatments that may be provided to theunauthorized user are outlined in FIG. 3 and are discussed in moredetail in that section of the specification.

Block 150 of FIG. 2 further illustrates that the one or moreorganization systems 10 capture information from the unauthorized userbased on the unauthorized user's responses to the alternate treatment.As discussed above, and in further detail below, the alternate treatmentmay be implemented not only to prevent the unauthorized user fromrealizing that the unauthorized user has been detected, but also tomonitor the unauthorized user in order to capture information from theunauthorized user that may help to identify other unauthorized usersand/or deter (e.g., reduce or prevent) further unauthorized access. Forexample, the one or more organization system 10 may be able to captureother personal information from the unauthorized user, may be able todetermine how the unauthorized user operates based on alternativeinformation, and/or may be able to determine other resource pools and/orother unauthorized users that the unauthorized user communicates withand/or transacts with.

As will be described in further detail herein, the one or moreorganization systems 10 gain advantages from randomizing the alternatetreatments provided to the unauthorized users. For instance, if theorganization systems 10 provides randomized alternate treatments, theunauthorized users are not able to decipher a specific set of treatmentsto routinely expect from the organization systems 10. As such, theunauthorized users are not able to discern whether or not they have beendetected as unauthorized based on the treatment pattern alone.Additionally, the unauthorized users may not have the informationrequired by every specific alternate treatment possibility, andtherefore, the task of additional verification for suspectedunauthorized users includes an additional level of complexity.Furthermore, the organization system 10 may gain a better understandingof the authorized user by observing genuine reactions from theunauthorized users which are prompted by the randomized alternatetreatments. For instance, the unauthorized user may have a scripted orrecorded response to a certain treatment for which they expect to beprovided from the system at a certain point in the authorizationprocess. By randomizing the alternate treatments provided to suspectedor confirmed unauthorized users, the system may place the user in asituation where they must revert to producing an original response. Thisallows for additional data points to be collected by the organizationsystem 10 in order to analyze the behavior and activity patterns ofspecific unauthorized users. These additional data points allow theorganization system to categorize the unauthorized user in more detailand later identify the unauthorized user with a higher degree ofconfidence.

FIG. 3 illustrates a high level process flow 200 for an alternatetreatment for routing for unauthorized users including alternatetreatments 230 that may be provided to unauthorized users in accordancewith embodiments of the present invention. A number of possiblealternate treatments 230 for unauthorized users are described in furtherdetail below; however, it should be understood that the possiblealternate treatments 230 discussed below are not an exhaustive list ofpossible alternate treatments.

As shown by block 210, the system 10 determines which alternatetreatments have already been provided to the unauthorized user based oninformation contained about unauthorized user. By varying the alternatetreatment provided to each unauthorized user, the system thwarts theability for any single user to gain knowledge that may help themanticipate system processes and take advantage of them in some way. Forinstance, the unauthorized user may have received a request foradditional contact information during its last attempt to accessresource pool information and may have retrieved such information sincethe unauthorized user's previous communication. The system 10 recognizesthe unauthorized user based on characteristics of the communication orauthentication credentials provided and the system 10 provides a newalternate treatment that has not previously been provided to theunauthorized user, as shown by block 220. In this way, even though theunauthorized user may have prepared or obtained the requisiteinformation to access the system based on a previous access attempt, thesystem 10 can adapt to thwart unauthorized access. The variation ofalternate treatments for unauthorized users may also be applied in agroup setting. For instance, if the system 10 recognizes, based oncommunication parameters, authentication credentials, or informationreceived from some other source, such as a third party source, that twoor more unauthorized users are acting as a group, the system 10 can takethis fact into account when determining which alternate treatments havealready been provided to the unauthorized users. Assuming that theunauthorized users are acting in concert, it may be beneficial to varythe alternate treatments such that no two users in the group receive thesame alternate treatment within a given time period for the reasonsstated above. Additionally, the system 10 may randomly select thealternate treatment from a group of available alternate treatments thathave not previously been provided to the unauthorized user or group ofunauthorized users. In this way, the unauthorized user or group ofunauthorized users will be unable to determine a pattern of alternatetreatments that are provided by the system 10 in every instance ofrepeated, unauthorized contact. Additionally, as mentioned previously,the unauthorized users may not have the information required by everyspecific alternate treatment possibility, and therefore, the task ofadditional verification for suspected unauthorized users includes anadditional level of complexity. Utilizing a randomization process forselecting alternate treatments also increases the likelihood ofeliciting genuine reactions from the unauthorized users which areprompted by the randomized alternate treatments. For instance, theunauthorized user may have a scripted or recorded response to a certaintreatment for which they expect to be provided from the system at acertain point in the authorization process. Randomizing the alternatetreatments provided to the unauthorized user increases the likelihoodthat the unauthorized user will be unprepared to respond to a particularalternate treatment and places the user in a situation where they mustrevert to producing an original response.

While the system 10 can provide a variety of possible alternatetreatments 230, the treatments themselves require some congruity inorder to remain believable to the unauthorized user or group ofunauthorized users. For instance, if the system 10 provides alternativeresource pool information via a mock website interface to anunauthorized user during its first attempt to access this information,the system 10 may log this information for future use with the sameunauthorized user. If the unauthorized user were to attempt to accessthe system a second time, perhaps via a separate channel ofcommunication such as via telephone, it would be important for thesystem 10 to provide the same alternative resource pool information asbefore, or at least slightly alter the resource pool information in abelievable way. Avoiding inconsistencies between the informationprovided in various alternate treatments increases the likelihood thatthe unauthorized user will remain unaware and unsuspecting of the factthat they are receiving false resource pool information and the like,thereby decreasing the likelihood that the unauthorized user willrealize they have been detected.

In some examples, the unauthorized user may enter into a communicationthrough a call (e.g., telephone call, Internet call, or the like),prompting the one or more organization systems 10 to provide analternate treatment of placing the unauthorized user on hold for anextended period of time, as shown in block 232 (e.g., 2, 3, 4, 5, 6, 7,8, 9, 10, times the normal hold time for an authorized user). Theincreased hold time may allow the one or more organization systems 10 togather more information about the unauthorized user, or may deter theunauthorized user from continuing an attempt at access. The length ofthe hold time may be varied by the systems 10 in order to give theappearance that the hold times are naturally based on a high volume ofcommunications with respect to a limited amount of available resources.At some time before or during the hold period, the one or moreorganization systems 10 might also request additional contactinformation for the unauthorized user and suggest to contact theunauthorized user at the end of the hold period for the convenience ofthe unauthorized user. In this instance, the offer to contact theunauthorized user in the future is made with the objective in mind ofobtaining more usable information about the identified unauthorized user(e.g., additional contact information, such as additional phone numbers,e-mail addresses, or the like).

As another example alternate treatment, in the instance where theunauthorized user is entering into a communication through a chat overthe Internet, the alternate treatment may be the same or similar to thealternate treatment for a telephone call. As such, the alternatetreatment may include placing the unauthorized user on hold or anextended period of time, requesting additional contact information,providing alternative resource pool information, providing alternativeauthentication credentials, providing a request identifier, or otherlike treatment in order to monitor and capture information from theunauthorized user.

As another example, after determining that an unauthorized user has madean action request to access particular information, the organization mayprovide alternative information, as shown by block 234 (e.g., fakeinformation that has no actual meaning). For example, if an unauthorizeduser is requesting information related to a resource pool, the one ormore organization systems 10 may provide alternative resource poolinformation to the identified unauthorized users (e.g., provide reducedbalances, or the like). For example, by providing a reduced resourcepool balance than what is actually in the resource pool, it may preventan unauthorized user from trying to misappropriate the resources fromthe resource pool (e.g., indicate that the resource pool only has abalance of $15, and thus, not worth the time for an unauthorized user totry to access). In some embodiments, after an unauthorized user isidentified a pattern may also be identified for the unauthorized user.The pattern may indicate that the unauthorized user does may takeactions within resource pools that have balances below a thresholdvalue. As such, the random treatment may be to provide an alternativeresource pool balance below the threshold value.

In other examples, the one or more organization systems 10 may provideother alternative information to an unauthorized user, such asalternative user information (e.g., alternative information may includeimitation, randomly generated, adversarial user name, or the like suchas fake information that has no actual meaning), other alternativeresource pool information (e.g., imitation linked accounts, or thelike), alternative interactions information (e.g., transactions, or thelike), or the like in order to allow the one or more organizationsystems 10 to track and/or monitor the unauthorized user. For example,an alternative resource pool interface may be provided that allows theunauthorized user to take actions within the alternative resource poolinterface that the unauthorized user believes is real in order tocapture other unauthorized users (e.g., names, or the like), othercontact information (e.g., e-mail addresses, phone numbers, or thelike), and/or other resource pool information (e.g., resource poolnumbers, locations, or the like) with which the unauthorized user istrying to interact. For example, the unauthorized user may be trying totransfer alternative resources from the alternative resource pool to anactual resource pool of the unauthorized user. In this way, theunauthorized user is given the impression that they have not beendetected, allowing the one or more organization systems 10 to monitorthe behavior of the unauthorized users for a longer period of time.

In other examples, the alternate treatment that is presented to theunauthorized user may be an indication that the organization has toinvestigate the request of the unauthorized user, or that theorganization has completed the request from the unauthorized user, andas such the organization systems 10 may provide a request identifier, asshown in block 236, (e.g., ticket number, request number, or the like)to the unauthorized user for future reference. The request identifiermay be a specific number that the organization systems 10 recognize asbeing associated with an unauthorized user. For example, should theunauthorized user utilize the request identifier in the future in orderto check on the status of an action request made by the unauthorizeduser and/or use the request identifier in order to repeat a previousaction request then the organization systems 10 can automaticallyidentify the user as an unauthorized user based on the requestidentifier provided by the unauthorized user.

In some embodiments, the alternate treatment may be indicating to theunauthorized user that one or more particular features associated withan action request from the unauthorized user is disabled, as shown byblock 238. In this way, the organization systems may present some of theinformation (e.g., actual information and/or imitation information) inwhich the unauthorized user is interested, but not provide the completeset of information. As such, the information provided to theunauthorized user is not useful to the unauthorized user, but may extendthe communication with the unauthorized user, and/or may allow theorganization to provide additional alternate treatments. For example, inresponse to indicating that some features are not available theorganization may request additional contact information to follow-upwith the unauthorized user, may provide a request identifier to trackthe unauthorized user, may provide alternative information to the user,or the like.

In some embodiments, the alternate treatment may include the systems 10providing alternative authentication credentials (e.g., alternativeauthentication credentials may include imitation security questionsand/or answers, imitation passwords or user names, incorrect securityquestions and/or answers, incorrect passwords or user names, or thelike) to the unauthorized user, as shown by block 240. As such, whensuch alternative authentication credentials is utilized in the futurethen the unauthorized user may be identified. For example, should theunauthorized user request access to the user information, theorganization system 10 may present the unauthorized user with analternative address, alternative phone number, alternative useridentification or the like. As such, should the one or more organizationsystems 10 receive the alternative address, the alternative phonenumber, the alternative user identification, or the like, orcombinations thereof in the future associated with a request from auser, then the one or more organization systems 10 may be able toidentify the user as an unauthorized user. In other examples, should theunauthorized user attempt to answer certain security questions, theorganization may provide alternative security answers to theunauthorized user. As such, when the unauthorized user tries to accessinformation from the organization in the future using the alternativesecurity answers, then the organization systems are able to identify theuser as unauthorized and present additional alternate treatments to theunauthorized user and/or capture additional information about theunauthorized user.

In the instance where the unauthorized user is entering into acommunication to access information over the Internet or on a call(e.g., access resource pool information, or the like), the alternatetreatment may be extending the time for which a response to the requestis instituted (e.g., provide an icon, such as a buffering icon, an errormessage, or the like), delaying the time for the response in order toidentify and/or create an alternative interface to display to theunauthorized user, as shown by block 242. For instance, the one or moreorganization systems 10 may identify a specific user computer that isknown to be associated with unauthorized access. As such, in the eventthat an unauthorized user is attempting to enter into a communication toaccess a resource pool through an online portal, website, computerprogram or the like, the one or more organization systems 10 have ampleopportunities to stall communication while creating the appearance ofnaturally occurring communication issues (e.g., buffering, Internetconnectivity, or the like). For instance, the response time from the oneor more organization systems 10 through an online portal may be reducedto create the appearance of a bad internet connection, overloaded servervolume, or browser compatibility issue. The stalling communication maycreate a lag-time or delay in communication, or may indicate a totallyfailed connection. In some embodiments, the one or more organizationsystems 10 may request or suggest that the identified unauthorized userattempt to access the online portal using a different Wifi or dataconnection, different browser, and/or different user computer system(e.g., hardware or applications—indicate that the mobile device and/orapplication do not meet system requirements). Should the unauthorizeduser utilize a different computer system or connection means, theorganization system is able to capture additional information about theunauthorized user. For instance, an unauthorized user may haveinadvertently enabled location services for a specific device orapplication, which these features were disabled in the unauthorizeduser's primary device or application used to make the initialcommunication. In other examples, the location of the unauthorized usermay be determined if they are required to communication through aparticular Wifi connection. In these examples, the alternate treatmentincreases the likelihood that the system 10 is able to gather usefulinformation about the unauthorized user and also deters the attempt atunauthorized access while avoiding the appearance that the unauthorizeduser has been detected.

As other examples of alternate treatments, in the instance where theunauthorized user is entering into any form of communication with theone or more organization systems 10, the unauthorized user may beprovided with a tagged one-time credential (e.g., one-time password, orthe like) to access the system, as shown by block 244. The taggedone-time credential may be embedded with markers that allow theorganization systems 10 to monitor the unauthorized user and/or anyaction requests made through the use of the alternative one-timecredential. For example, when the unauthorized user tries to utilize thetagged one-time credential, the organization systems 10 may identify theuser as unauthorized and determine how to respond. For the purposes ofcapturing further information, the one or more organization systems 10may request a separate channel of communication be used to transmit thetagged one-time credential, such as in a two factor authenticationprocess. The organization system 10 may request an alternate email,telephone number, or the like to transmit the tagged one-time credentialand may subsequently log the email address, telephone number and thelike for later reference and identification purposes.

In some embodiments, the tagged one-time credential may trigger an alerton the backend of the one or more organization systems 10 to alert therepresentative that they are communicating with an unauthorized user. Inother embodiments, the triggered alert may not be displayed to therepresentative communicating with the unauthorized user in order toavoid a change in the particular representative's behavior. In otherembodiments, the use of the tagged one-time credential may escalate thecommunication within the system such that the communication is re-routedto another representative trained to interact with unauthorized users.

In other examples, when the unauthorized user is entering into acommunication over a call or Internet chat, the alternate treatment mayinclude the one or more organization systems 10 requesting that theunauthorized user call back using a different telephone number,communicate using a different user computer system 10 or application, orthe like. The systems 10 may defer to a number of reasons to justifythis request, including a “poor connection,” low audio quality,difficulty hearing the user, a policy restriction on communicating via aparticular channel (e.g., a blocked phone number, private phone number,or the like). In this way, this alternate treatment increases thelikelihood that the user will provide additional information that thesystems 10 may retain for later reference and identification purposes.

In some embodiments, the one or more organization systems 10 may requestthat the unauthorized user provide additional information related to auser in order to proceed. For example, the organization systems 10 mayrequest a specific piece of information that the unauthorized useralready knows in order to create a false sense of confidence in theunauthorized user that they have bypassed an additional level ofsecurity. In some instances, the organization systems 10 may vary therequest for additional information such that the unauthorized user isrequired to make several access attempts before they are allowed tosucceed. This manufactured trial and error situation via alternatetreatment, as shown at block 248, increases the likelihood that theunauthorized user genuinely believes they have bypassed the systemsecurity undetected, when in reality the one or more organizationsystems 10 are aware that the user is unauthorized and is instead usingthe increased communication to gather more potentially usefulinformation about the unauthorized user.

As discussed herein, it should be understood that markers may beutilized along with information presented to the unauthorized user(e.g., the alternative information, the request identifiers, thealternative one-time credential, or the like). For example, should theunauthorized user request user information, security information,resource pool information, or the like, the one or more organizationsystems 10 may provide alternative user information, alternativesecurity information, alternative resource pool information, or the likealong with embedded markers that allow the organization systems 10 totrack where such alternative information is sent and/or used.

It should be understood that all of the possible alternate treatments230 have not been discussed, and the alternate treatments may changeover time for the same unauthorized user and/or based on the type ofaction request made by the unauthorized user. In addition, the alternatetreatment for a user may change if multiple unauthorized users or usercomputers are recognized by the one or more organization systems 10 asbeing associated. For instance, the one or more organization systems 10would avoid providing the same alternate treatment to two unauthorizedusers that may be related (e.g., of the same group). However, therecognition that two users are operating as a group may also prompt theone or more organization systems 10 to include some level of consistencyin the alternate treatments to each of the users to provide a falsesense that the unauthorized users have successfully misappropriatedinformation from the one or more organization systems 10. As an example,two unauthorized users operating in a group may both attempt to accessthe same resource pool information. In this situation, it would be idealfor the organization systems 10 to display the same credentials,resource pool amounts, alternative information, or the like (e.g., evenif the information is fake) in order to avoid indicating to the usersthat the organization systems 10 are displaying different credentials,resource pool amounts, or the like.

In order to prevent the unauthorized user from realizing that theunauthorized user has been identified as unauthorized, the alternatetreatments may allow some of the unauthorized user's requests in orderto capture more information about the unauthorized user. For example, inorder to capture more information from the unauthorized user, such asthe other unauthorized users and/or the resource pools that theunauthorized user may utilize, the organization systems 10 may allowparticular action requests. The allowed action requests may includeproviding the alternative information described herein, but in someembodiments the allowed action requests may include allowing some of theunauthorized user requests. For example, the organization may allow thetransfer of some information or set up pending resource transfers if theunauthorized user is making transfers within the databases of theorganization (e.g., resource transfers between resource pools within theorganization, or the like). As such, the organization systems 10 mayallow the unauthorized user to access non-confidential informationand/or illustrate that the unauthorized user may be successful (e.g.,providing confirmation notifications that make it appear that the userrequest has occurred) in order to capture additional information fromthe unauthorized user or the unauthorized user's associates.

In some embodiments, the one or more organization systems may provide anotification (e.g., on an interface provided to the unauthorized userover the Internet, over a call with a representative, or the like),indicating that the unauthorized user's request was allowed. However, inthe future, the organization systems 10 may provide follow-upcommunication with the unauthorized user indicating that the request didnot occur because of a particular reason (e.g., availability ofresources, application errors, or other like notifications that therequest did not process for a specific reason). The follow-upnotification may include a request for the unauthorized user to contactthe organization, or representative thereof, and in response additionalinformation may be captured from the unauthorized user. For example, theone or more organization systems 10 may be able to capture additionalcontact information (e.g., phone number, computer IP address, e-mail, orthe like), that the unauthorized user may be using in order to follow upwith the organization.

Generally, it should be understood that the organization will providerandom alternate treatments for handling an unauthorized user. In someembodiments, the organization would create random responses to theunauthorized user such that the unauthorized user does not know thathe/she has been identified as an unauthorized user, and/or is unable todetermine how he/she is going to be treated by the organization. Assuch, if the unauthorized user is unaware of whether or not theorganization has identified the unauthorized user as unauthorized, andthe unauthorized user is unable to predict how the organization withhandle the unauthorized user for specific requests, then theunauthorized user is less likely to develop and implement responses tomisappropriate information from the organization or its authorizedusers. It should be further understood that it may be beneficial toprevent the unauthorized user from knowing that he/she has beenidentified as unauthorized because should the unauthorized user realizethat the unauthorized user has been identified as unauthorized, then theunauthorized may be just end the communication (e.g., call or otheraction occurring through a portal, or the like) with the organizationand create a new communication with the organization through a differentchannel (e.g., move from phone interaction to Internet interaction, orthe like) or a different contact through the same channel (e.g., newphone, new computer system, new IP address, or the like).

It should be understood, that the systems described herein may beconfigured to establish a communication link (e.g., electronic link, orthe like) with each other in order to accomplish the steps of theprocesses described herein. The link may be an internal link within thesame entity (e.g., within the same organization) or a link with theother entity systems. In some embodiments, the one or more systems maybe configured for selectively responding to dynamic authenticationinquires. These feeds of resource usage and availability may be providedvia wireless network path portions through the Internet. When thesystems are not providing data, transforming data, transmitting thedata, and/or creating the reports, the systems need not be transmittingdata over the Internet, although it could be. The systems and associateddata for each of the systems may be made continuously available,however, continuously available does not necessarily mean that thesystems actually continuously generate data, but that a systems arecontinuously available to perform actions associated with the systems inreal-time (i.e., within a few seconds, or the like) of receiving arequest for it. In any case, the systems are continuously available toperform actions with respect to the data, in some cases in digitizeddata in Internet Protocol (IP) packet format. In response tocontinuously receiving real-time data feeds from the various systems,the systems may be configured to update actions associated with thesystems, as described herein.

Moreover, it should be understood that the process flows describedherein include transforming the data from the different systems (e.g.,internally or externally) from the data format of the various systems toa data format associated with a particular display. There are many waysin which data is converted within the computer environment. This may beseamless, as in the case of upgrading to a newer version of a computerprogram. Alternatively, the conversion may require processing by the useof a special conversion program, or it may involve a complex process ofgoing through intermediary stages, or involving complex “exporting” and“importing” procedures, which may convert to and from a tab-delimited orcomma-separated text file. In some cases, a program may recognizeseveral data file formats at the data input stage and then is alsocapable of storing the output data in a number of different formats.Such a program may be used to convert a file format. If the sourceformat or target format is not recognized, then at times a third programmay be available which permits the conversion to an intermediate format,which can then be reformatted.

As will be appreciated by one of skill in the art in view of thisdisclosure, embodiments of the invention may be embodied as an apparatus(e.g., a system, computer program product, and/or other device), amethod, or a combination of the foregoing. Accordingly, embodiments ofthe invention may take the form of an entirely hardware embodiment, anentirely software embodiment (including firmware, resident software,micro-code, etc.), or an embodiment combining software and hardwareaspects that may generally be referred to herein as a “system.”Furthermore, embodiments of the invention may take the form of acomputer program product comprising a computer-usable storage mediumhaving computer-usable program code/computer-readable instructionsembodied in the medium (e.g., a non-transitory medium, or the like).

Any suitable computer-usable or computer-readable medium may beutilized. The computer usable or computer readable medium may be, forexample but not limited to, an electronic, magnetic, optical,electromagnetic, infrared, or semiconductor system, apparatus, ordevice. More specific examples (a non-exhaustive list) of thecomputer-readable medium would include the following: an electricalconnection having one or more wires; a tangible medium such as aportable computer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a compact disc read-only memory (CD-ROM), or othertangible optical or magnetic storage device.

Computer program code/computer-readable instructions for carrying outoperations of embodiments of the invention may be written in an objectoriented, scripted or unscripted programming language such as Java,Pearl, Python, Smalltalk, C++ or the like. However, the computer programcode/computer-readable instructions for carrying out operations of theinvention may also be written in conventional procedural programminglanguages, such as the “C” programming language or similar programminglanguages.

Embodiments of the invention described above, with reference toflowchart illustrations and/or block diagrams of methods or apparatuses(the term “apparatus” including systems and computer program products),will be understood to include that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a particular machine, such that the instructions, which executevia the processor of the computer or other programmable data processingapparatus, create mechanisms for implementing the functions/actsspecified in the flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in acomputer-readable memory that can direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer readablememory produce an article of manufacture including instructions, whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer orother programmable data processing apparatus to cause a series ofoperational steps to be performed on the computer or other programmableapparatus to produce a computer implemented process such that theinstructions, which execute on the computer or other programmableapparatus, provide steps for implementing the functions/acts specifiedin the flowchart and/or block diagram block or blocks. Alternatively,computer program implemented steps or acts may be combined with operatoror human implemented steps or acts in order to carry out an embodimentof the invention.

Specific embodiments of the invention are described herein. Manymodifications and other embodiments of the invention set forth hereinwill come to mind to one skilled in the art to which the inventionpertains, having the benefit of the teachings presented in the foregoingdescriptions and the associated drawings. Therefore, it is to beunderstood that the invention is not to be limited to the specificembodiments disclosed and that modifications and other embodiments andcombinations of embodiments are intended to be included within the scopeof the appended claims. Although specific terms are employed herein,they are used in a generic and descriptive sense only and not forpurposes of limitation.

INCORPORATION BY REFERENCE

To supplement the present disclosure, this application furtherincorporates entirely by reference the following commonly assignedpatent applications:

U.S. patent application Docket Number Ser. No. Title Filed On8398US1.014033.3208 15/995,830 ALTERNATE Jun. 1, 2018 USER COMMU-NICATION ROUTING 8399US1.014033.3209 15/995,824 ALTERNATE Jun. 1, 2018USER COMMU- NICATION ROUTING UTILIZING A UNIQUE USER IDENTIFICATION8400US1.014033.3210 15/995,831 ALTERNATE Jun. 1, 2018 USER COMMU-NICATION ROUTING FOR A ONE-TIME CREDENTIAL 8401US1.014033.321115/995,837 ALTERNATE Jun. 1, 2018 DISPLAY GENERATION BASED ON USERIDENTIFICATION 8402US1.014033.3212 15/995,894 ALTERNATE Jun. 1, 2018USER COMMU- NICATION HANDLING BASED ON USER IDENTIFICATION

What is claimed is:
 1. A system for alternate user communicationrouting, the system comprising: one or more memory components havingcomputer readable code store thereon; and one or more processingcomponents operatively coupled to the one or more memory components,wherein the one or more processing components are configured to executethe computer readable code to: receive a request for an action via acommunication from a user via a communication channel from one or morecommunication channels; determine authentication credentials for theuser from the communication; determine that the user is an unauthorizeduser based on the authentication credentials; identify one or moreprevious alternate treatments provided to the unauthorized user; selectan alternate treatment based on the one or more previous alternatetreatments, wherein the alternate treatment is different than the one ormore previous alternate treatments; provide the alternate treatment tothe unauthorized user; and capture information from the unauthorizeduser based on the communication and the user's response to the alternatetreatment.
 2. The system of claim 1, wherein the authenticationcredentials are user information or device information received from thecommunication.
 3. The system of claim 1, wherein the alternate treatmentcomprises providing an extended period of hold time via one or morecommunication channels.
 4. The system of claim 1, wherein the alternatetreatment comprises providing alternative resource pool information. 5.The system of claim 1, wherein the alternate treatment comprisesrequesting additional contact information from the unauthorized user inorder to contact the unauthorized user at a later time via a secondcommunication channel.
 6. The system of claim 1, wherein the one or moreprocessing components are further configured to execute the computerreadable code to: alert a representative communicating with theunauthorized user that the unauthorized user is unauthorized.
 7. Thesystem of claim 1, wherein the one or more processing components arefurther configured to execute the computer readable code to: preventalerting a representative communicating with the unauthorized user thatthe unauthorized user is unauthorized.
 8. The system of claim 1, whereinthe alternate treatment comprises: requesting a first additionalauthentication credential; receiving a first response with the firstadditional authentication credential from the unauthorized user; denyingaccess to the unauthorized user based on the first response; requestingone or more additional authentication credentials; receiving one or moreadditional responses with the one or more additional authenticationcredentials from the unauthorized user; and based on the one or moreadditional responses, granting the action requested by unauthorized userwith limitations.
 9. The system of claim 1, wherein the alternatetreatment comprises disabling one or more particular features associatedwith an action request from the unauthorized user.
 10. The system ofclaim 1, wherein the alternate treatment comprises providing a requestidentifier, wherein the request identifier is a specific numberassociated with the unauthorized user.
 11. The system of claim 1,wherein the alternate treatment comprises providing one or morealternative authentication credentials to the unauthorized user, whereinthe alternative authentication credentials are specific to theunauthorized user or a particular group of unauthorized users.
 12. Thesystem of claim 1, wherein the alternate treatment comprises creating anappearance of naturally occurring communication issues by extending atime period for which a response to the request for action isinstituted.
 13. The system of claim 1, wherein the alternate treatmentcomprises providing a tagged one-time authentication credential, whereinthe tagged one-time authentication credential a specific string ofcharacters or phrases specific to the unauthorized user.
 14. A computerimplemented method for alternate user communication routing, the methodcomprising: receiving, by one or more processor components, a requestfor an action via a communication from a user via a communicationchannel from one or more communication channels; determining, by one ormore processor components, authentication credentials for the user fromthe communication; determining, by one or more processor components,that the user is an unauthorized user based on the authenticationcredentials; identifying one or more previous alternate treatmentsprovided to the unauthorized user; selecting an alternate treatmentbased on the one or more previous alternate treatments, wherein thealternate treatment is different than the one or more previous alternatetreatments; providing, by one or more processor components, an alternatetreatment to the unauthorized user; and capturing, by one or moreprocessor components, information from the unauthorized user based onthe communication and the user's response to the alternate treatment.15. The method of claim 14, wherein the authentication credentials areuser information or device information received from the communication.16. The method of claim 14, wherein the alternate treatment comprisesproviding an extended period of hold time via one or more communicationchannels.
 17. The method of claim 14, wherein the alternate treatmentcomprises providing alternative resource pool information.
 18. Acomputer program product for alternate user communication routing, thecomputer program product comprising at least one non-transitorycomputer-readable medium having computer-readable program code portionsembodied therein, the computer-readable program code portionscomprising: an executable portion configured to receive a request for anaction via a communication from a user via a communication channel fromone or more communication channels; an executable portion configured todetermine authentication credentials for the user from thecommunication; an executable portion configured to determine that theuser is an unauthorized user based on the authentication credentials; anexecutable portion configured to identify one or more previous alternatetreatments provided to the unauthorized user; an executable portionconfigured to select an alternate treatment based on the one or moreprevious alternate treatments, wherein the alternate treatment isdifferent than the one or more previous alternate treatments; anexecutable portion configured to provide an alternate treatment to theunauthorized user; and an executable portion configured to captureinformation from the unauthorized user based on the communication andthe user's response to the alternate treatment.
 19. The computer programproduct of claim 18, wherein the authentication credentials are userinformation or device information received from the communication. 20.The computer program product of claim 18, wherein the alternatetreatment comprises providing an extended period of hold time via one ormore communication channels.